NVD

Id
38164  
Name
CVE-2013-2050  
Description
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2014-01-10  
Modified Date
2014-01-17  
Seq
2013-2050  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
195100 38164 CVE-2013-2050 http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txt  View
195101 38164 CVE-2013-2050 64524  View
195102 38164 CVE-2013-2050 cloudforms-cve20132050-sql-injection(89984)  View
195103 38164 CVE-2013-2050 https://bugzilla.redhat.com/show_bug.cgi?id=959062  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24255 JVNDB-2013-005830 Red Hat CloudForms Management Engine および ManageIQ Enterprise Virtualization Manager における SQL インジェクションの脆弱性 Red Hat CloudForms Management Engine (CFME) および ManageIQ Enterprise Virtualization Manager の miq_policy コントローラには、SQL インジェクションの脆弱性が存在します。 CVE-2013-2050 61992 CVE-2013-2050 38164 7.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005830.html 2013-11-12 2014-01-15 View